Cross-Site Scripting Flaw in IBM WebSphere Application Server
CVE-2024-45087

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server
Vendor: CVE Published:; 11 November 2024

Summary

IBM WebSphere Application Server versions 8.5 and 9.0 are susceptible to a cross-site scripting vulnerability, which enables an attacker with privileged user access to inject and execute arbitrary JavaScript code in the web interface. This flaw can manipulate the intended functionality of the application, increasing the risk of credential disclosure during authenticated sessions, thereby compromising the security of the affected environment.

References

https://www.ibm.com/support/pages/node/7175393

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 11, 2024